Cisco Secure Firewall and IOS Products Web Services Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software. This vulnerability allows an unauthenticated, remote attacker to execute arbitrary code on affected devices running Cisco ASA and FTD Software. In the case of Cisco IOS, IOS XE, and IOS XR Software, the vulnerability can be exploited by an authenticated, remote attacker with low user privileges.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution on the affected device with root privileges, potentially allowing for a complete compromise of the device.

Remediation

Cisco has released software updates to address this vulnerability. For Cisco Secure Firewall ASA and FTD Software, customers can use the Cisco Software Checker tool to determine their exposure and find the earliest fixed release. For Cisco IOS, IOS XE, and IOS XR Software, the Cisco Software Checker can also be used to identify affected releases and the first fixed version.

Added: Sep 25, 2025, 4:32 PM
Updated: Sep 25, 2025, 4:32 PM

Vulnerability Rating

Custom Algorithm
spread: 8.1
impact: 7.5
exploitability: 7.0
remediation: 7.7
relevance: 0.5
threat: 0.1
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.